#-*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.box = "flatcar-stable"
  config.vm.box_check_update = true
  config.vm.box_url = "https://stable.release.flatcar-linux.net/amd64-usr/3510.2.3/flatcar_production_vagrant.box"
  memory = 8192
  cpus = 4

  config.vm.provider :virtualbox do |v|
     v.customize [
      "modifyvm", :id,
      "--memory", memory,
      "--paravirtprovider", "default",
      "--cpus", cpus
    ]
    v.check_guest_additions = false
    v.functional_vboxsf = false
    v.gui = false
  end

  config.vm.provider :libvirt do |v|
    v.memory = memory
    v.cpus = cpus
  end

  if File.exist?("./ssh-config")
    config.ssh.config = "./ssh-config"
  end
  config.ssh.connect_timeout = 30
  config.ssh.username = 'core'
  config.ssh.forward_agent = true
  config.ssh.insert_key = true
  config.ssh.keep_alive = true

  config.vm.synced_folder ".", "/vagrant", type: "rsync"
  config.vm.boot_timeout = 600

  config.vm.provision "install-dependencies", type: "shell", run: "once" do |sh|
    sh.inline = <<~SHELL
      set -euxo pipefail

      # Disable update-engine to avoid system reboots
      systemctl disable --now update-engine.service

      # Disable docker
      systemctl disable --now docker.service

      # Configure the kernel dependencies
      modprobe overlay
      modprobe br_netfilter

      # Enable containerd
      cat <<EOF | tee /etc/modules-load.d/containerd.conf
      overlay
      br_netfilter
      EOF
      systemctl enable --now containerd
      systemctl restart containerd.service

      # Import the test image of security profiles operator
      ctr -n=k8s.io image import /vagrant/image.tar
      crictl --runtime-endpoint="unix:///run/containerd/containerd.sock" images

      # Install Go
      mkdir /opt/go
      GO_VERSION=$(curl -sSfL "https://go.dev/VERSION?m=text" | head -n1)
      curl -sSfL -o- https://go.dev/dl/$GO_VERSION.linux-amd64.tar.gz |
        tar xfz - -C /opt

      # Configure the kernel modules
      cat <<EOF | tee /etc/modules-load.d/k8s.conf
      overlay
      br_netfilter
      EOF

      # Setup Networking
      cat <<EOF | sudo tee /etc/sysctl.d/99-kubernetes-cri.conf
      net.bridge.bridge-nf-call-iptables  = 1
      net.ipv4.ip_forward                 = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      EOF

      sysctl --system

      # Install k8s components
      CNI_VERSION="v1.0.1"
      RELEASE_VERSION="v0.16.2"
      DOWNLOAD_DIR=/opt/bin
      RELEASE="$(curl -sSL https://dl.k8s.io/release/stable.txt)"

      mkdir -p $DOWNLOAD_DIR
      mkdir -p /opt/cni/bin
      mkdir -p /etc/systemd/system/kubelet.service.d

      # Install tools
      curl -sSL -o $DOWNLOAD_DIR/jq "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64"
      chmod +x $DOWNLOAD_DIR/jq
      curl -sSL -o $DOWNLOAD_DIR/flatcar_developer_container.bin.bz2 "https://stable.release.flatcar-linux.net/amd64-usr/3510.2.3/flatcar_developer_container.bin.bz2"
      bzcat $DOWNLOAD_DIR/flatcar_developer_container.bin.bz2 > $DOWNLOAD_DIR/flatcar_developer_container.bin

      curl -sSL "https://github.com/containernetworking/plugins/releases/download/${CNI_VERSION}/cni-plugins-linux-amd64-${CNI_VERSION}.tgz" | tar -C /opt/cni/bin -xz
      curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/krel/templates/latest/kubelet/kubelet.service" | sed "s:/usr/bin:${DOWNLOAD_DIR}:g" | tee /etc/systemd/system/kubelet.service
      curl -sSL "https://raw.githubusercontent.com/kubernetes/release/${RELEASE_VERSION}/cmd/krel/templates/latest/kubeadm/10-kubeadm.conf" | sed "s:/usr/bin:${DOWNLOAD_DIR}:g" | tee /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
      curl -sSL --remote-name-all https://dl.k8s.io/${RELEASE}/bin/linux/amd64/{kubeadm,kubelet,kubectl}

      chmod +x {kubeadm,kubelet,kubectl}
      mv {kubeadm,kubelet,kubectl} $DOWNLOAD_DIR/

      # Disable kernel print rate limiting for syslog messaging
      sysctl -w kernel.printk_ratelimit=0
      sysctl -w kernel.printk_ratelimit_burst=0

      systemctl enable --now kubelet
      systemctl status kubelet

      # Setup cluster
      IP=`ip route get 1.2.3.4 | cut -d ' ' -f7 | tr -d '[:space:]'`
      NODENAME=$(hostname -s)
      swapoff -a
      sysctl -w net.ipv4.ip_forward=1
      kubeadm init --config /vagrant/hack/ci/kubeadm-config-flatcar.yaml --node-name $NODENAME

      # Setup kubectl
      mkdir -p $HOME/.kube
      cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
      chown -R core:core $HOME/.kube
      export KUBECONFIG=/etc/kubernetes/admin.conf

      # Configure cluster
      kubectl taint nodes --all node-role.kubernetes.io/control-plane-

      # Install CNI
      kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/tigera-operator.yaml
      kubectl apply -f /vagrant/hack/ci/flatcar-cni-plugin.yaml
    SHELL
  end
end
